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RR AL PARTY TN INTEREST 

The real party in interest in this appeal is the following party: International Business 
Machines Corporation of Armonk, N.Y. 
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RELATED APPEALS AND INTERFERENCES 

With respect to other appeals or interferences that will directly affect, or be directly affected 
by. or have a bearing on the Board's decision in the pending appeal, there are no such appeals or 
interferences. 
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STATUS OF CLAIMS 

A. TOTAL NUMBER OF CLAIMS IN APPLICATION 

Claims in the application are: 1-24 

B. STATUS OF ALL THE CLAIMS IN APPLICATION 

h Claiim canceled: none 

2. Claims withdrawn from consideration but not canceled: none 

3. Claims pending: 1-24 

4. Claims allowed; none 

5. Claims rejected: 1-24 

6. Claims objected to: none 

C CLAIMS ON APPEAL 

The claims on appeal are; 1-24 
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STATUS OF AMENDMENTS 

A response to final office action was filed by Appellants on Janu^ 30, 2006, and was 
indicated by the Examiner as not being entered in an Advisory Action dated Febmary 16, 2006. 
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SUMMARY OF CLAIMED SURIECT MATTER 

A. CLAIM I - INDEPENDENT 

Claim 1 is generally directed to a technique for managing autheatication such that when a 
first security context is created in i^ponse to a first user authentication, a second security context 
is created in response to a second user authentication which aggregates the two security contexts 
together, thereby enabling finer granularity for each individual security context. Specificallyp 
Claim 1 recites an authentication method, where a first security context is generated in response 
to a first user authentication, A second security context is generated in response to a second user 
authentication, where the second security context aggregates the first security context and a 
security context corresponding to an identify in the second user authentication (Specification 
page 10, line 16 - page U, line 22; HG 3» blocks 302, 304, 310 and 3 12). 

B. CLAIM 9 

Claim 9 is a program product claim corresponding to method Claim 1, and the summary of Claim 1 
is apphcable for Claim 9, and thus is hereby incorporated by reference. 

C. CLAIM 17 

Claim 17 is a system claim corresponding to method Claim 1 , and the simmiary of Claim 1 is 
applicable for Claim 17, and thus is hereby incorporated by reference. 
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GROUNPS OF REJECTION TO BE REVIEWED ON APPEAL 
A. GROUND OF REJECTION I (Claims 6, 14 and 22) 

Claims 6, 14 and 22 stand rejected under 35 U.S.C, § 1 12, first paragraph as failing to 
comply with the enablement requirement. 

GROUND OF REJECTION 2 (Qaims 1-24) 

Claims 1-24 stand rejected under 35 U.S.C. 8 103 (a) as being unpatentable over Savill 
(Where can I find a Unix su like utility?) and in view of Wu (U,S. Patent Number 5,774,55 1)» 
hereinafter referred to as Wu. 
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ARGUMENT 

A, GROUND OF REJECTION I (Claims 6, 14 and 22) 

A*L Claims 6, 14 and 22 

In rejecting Claixn 6 (and Claims 14 and 22) under 35 U.S.C, § 112, first paragraph, the 
Examiner states that the claim limitation "by a user who issued the user logoff is unclear, and 
thus not enabled. Appellants urge that specification support for Claim 6 is at Specification page 
13, Unes 2 -14 and lines 21-22, and depicted in Figure 3, blocks 314-320, There, if a user logout 
is received the current security context is destroyed and a reversion is made to use the 
(previously) saved security coiuext if aggregation is enabled. This allows a given user to login 
using different security contexts (Specification page 2» lines 12-20; page 3, lines 8-20). Thus, 
when the reversion is made to use the (previous) saved security context, the user who issued the 
logoff from the second context is able to continue to use the first context that existed prior to the 
second context being created. It is thus urged that the Specification does describe the features 
recited in Claim 6, and thus Claim 6 is enabled by the Specification. 

In an Advisory Action dated 2/1 6/06 p the Examiner erroneously states that Claim I recites 
a 'first user' and a 'second user' , and therefore the claimed feature of ••reverting to said first 
security context in response to a user logoff, wherein said first security context is then used to 
access security protected resources by a user who issued the user logofT* is being interpreted as 
being "said first security context is then used to access security protected resources by the second 
usef" (emphasis added by Appellants), and as such is not enabled. Applicants show error, in that 
contrary to the Examiner' s assertion. Claim 1 recites "a first security caruexf and a "second 
security context'' (and not a Tirst user* and a 'second user', as alleged by the Examiner). As per 
the Specification, a single user can have different security contexts (Specification page 2, lines 
14-20), the different security contexts being generated in response to different user 
authentications (Specification page 5, lines 5-6). The claimed authentication mechanism allows 
such a single user to selectively authenticate without necessarily giving up already established 
access, and as per the features of Claim 6, the user who issued the logoff from the second comext 
is able to continue to uae the first context that existed prior to the second context being created 
(Specification page 13, lines 2 -14 and lines 21-22, end depicted in Figure 3, blocks 314-320). 
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Therefore, the lejecUon of Claims 6, 14 and 22 under 35 U.S.C. § 1 12, first paragraph is 
shown to be in error, as the features recited in Claim 6 are in fact described in the specification, 
and thus are enabled. 

B. GROUND OF REJECTION 2 (aaims 1-24) 

B.l. Claims 1-5, 7-13. 15-21 and 23-24 

With respect to Claim 1, Applicant's urge that Wu*s stacking of authentication services is 
net done in response to a second user authentication, but rather is pre-existing and independent 
of any actual user authentication action. Importmitly^ Wu express ly teaches awav from a second 
user authenticatioQ , or of performing any action in response to sudi (missing) second user 
authentication, by its teaching of a unified, single user login. See, for example, Wu' s discussion 
at col, 3. lines 11-14» where it states: 

"It is also desirable to provide a system and method where user Is able to employ 
a single authenticatioa token with any number multiple authentication 
services to obtain a unifi^ lorfti ." (emphasis added by Applicants) 

Because of (his expressed desire by Wu to provide a single authentication token for accessing 
any number of multiple authentication services in order to obtain a unified (stogie) login, there 
would have been no reason or other motivation for Wai to perform any action in response to 
receiving a second user authentication (in addition to the first user authentication). Thus, there 
would have been no reason or other motivation to modify the teachings of the cited references to 
generate a second security context in response to a second user authenticcftion^ where this second 
security context is an aggregate af(i) said first security context and (ii) a security context 
corresponding to an identity in said second user authentication, as Wu abhors any type of such 
second user authentication- It is error to reconstruct the patentee's claimed invention from the 
prior art by using the patentee's claims as a *'blueprinf \ When prior art references require 
selective combination to render obvious a subsequent invention, there must be some reason for 
the combination other than the hindsight obtained from the invention itself. Interconnect 
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Planning Corp, v. Feil, 774 F.2d 1132, 227 USPQ 543 (Fed. Cii. 1985), When an obviousness 
determination is based on multiple prior art references, there must be a showing of some 
"teaching, suggestion, or reason" to combine the references, .absence of such suggestion to 
combine is dispositive in an obviousness determination", Cambro Lundia AS v. Baxter 
Healthcare Corp,, 110F.3d 1573, 42 USPQ2d 1378 (Fed. Cir. 1997). Because of Wu^s 
expressed desire to eliminate any need for a second user authentication - instead providing a 
unified login with a single user token - there would have been no motivation to one of ordinary 
skill in the art to modify the teachings of the cited references to generate a second security 
context (the second security context being an aggregate of (i) the first security context which was 
generated in response to a first user authentication, and (ii) a security context corresponding to an 
identity in the (missing) second security context) in response to a (missing) second user 
authentication). 

ki response to the above argument that ''Wu expressly teaches away from a second user 
authentication", the Examiner states in an Advisory Action dated 2/16/2006 that this argument is 
without merit since the alleged Ihnitation has not been recited in the claim. Applicants are 
rq)roducing herewith the idoitical language from Claim 1, with the relevant text highlighted to 
show that Claim 1 does in fact expressly recite a second user authentication: 

Claim 1: 

An authentication method comprising the steps of: 

generating a first security context in response to a first usct authentication; 

generating a second securitv context in resppnse to a second tiser 
authentication . wherein said second security context is an aggregate of said first 
security context and a security context corresponding to an identity in said second 
user authentication. 
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It is therefore urged that the missing claimed feature which Wu expressly teaches away 
from (a second user authentication) is expressly redted in Claim 1 , and therefore the Examiner" s 
reasoning in maintaining the final rejection of Claim 1 is shown to be in erron 

B.2. Claims 6y 14 and 22 

Further with respect to Claim 6 (and similarly for Claims 14 and 22), it is urged that a 
prima facie case of obviousness has not been properly established by the Examiner, and thus 
Claim 6 has been erroneously rejected^ . Claim 6 expressly recites *^everting to said first security 
context in response to a user logoff, wherein said first security context is then used to access 
security protected resources by a user who issued the user logofP*. In rejecting Claim 6, the 
Examiner points to the teachings of Saville lines 1-5 as teaching this claimed feature. Applicants 
urge that SaviUc expressly teaches away from the features of Claim 6, as Saville describes a 
special command that can be used to lamich an application at a different security level than the 
one that currently exists, in order to avoid a user having to logoff their current security context 
and re-login with a different security context. This special launching of an application, and as 
described at lines 4-5, is performed by a SU conomand. This SU command is a utility that allows 
a user to temporarily start applications running in.the security context of a different account 
(Saville lines 4-5), and gvoids the user from havinp to lofzoff (line 4), Thus. Saville expressly 
teaches away from the features of Claim 6, by teaching a technique that avoids logoff. In 
contrast. Claim 6 is explicitly directed to an action (reverting to the first security context) in 
response to a user logqff. Thus, it is urged that a proper prima facie case of obviousness has not 
been established by the Exanoiner as there are missing claimed features not taught or suggested 
by any of the cited references. Thus» Claim 6 is shown to have been erroneously rejected. 



^ In rejecting claims under 35 U.S.C. Section 103, the examiner bears the initial burden of presenting a 
prima facie case of obviousness. In re Oetiker, 977 F.2d 1443, 1445, 24 USPQ2d 1443. 1444 (Fed. Cir. 
1992). Only if that burden is met, docs the burden of coming forward with evidence or argument shift to 
Ths. applicant. Id, To establish prima facie obviousness of a claimed invention^ all of the claim limitaliona 
must be taught or suggested by the prior ait. MPEP 2143.03. Sec also, Tn re Royka, 490 R2d 580 
(C.CP.A. 1974). If the examuier f^ils to establish a prima facie case, the rejection is improper and will 
be overturned. In re Fine, 837 R2d 1071, 1074, 5 USPQ2d 1596. 1598 (Fed. Cir. 1988). 
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In oonclusion. Appellants have shown error in the Examiner* s final rejection of all 
claims, and thus requests that the Board reverse such final claim rejection of all claims. 



DukeW.Yee 
Reg. No. 34.285/ 
Wayne P. Bailey 
Reg. No. 34,289 

Yeb & Associates, P,C. 

PC Box 802333 
Dallas. TX 75380 
(972) 385-8777 
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(^LAIMS APPENDIX 

The text of the claims involved in the appeal arc: 

1 , An authentication method comprising the steps of; 

generating a first security context in response to a first user authentication; 

generating a second security context in response to a second user authentication, wherein 
said second security context is an aggregate of said first security context and a security context 
corresponding to an identity in said second user authentication, 

2, The method of claim 1 further comprising the step of saving said first security context, 

3, The method of claim 2 wherein said step of saving said first security context comprises 
the step of pushing said first security context on a stack. 

4, The method of claim 1 further comprising the step of receiving a user logoff. 

5, The method of claim 4 further comprising the step of destroying said second security 
context in response to said step of receiving said user logoff, 

6, The method of claim 2 further comprising the step of reverting to said first security 
context in response to a user logoff^ wherein said first security context is then used to access 
security protected resources by a user who issued the user logoff. 
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7. The tnethod of claim 6 wherein said step of reverting to said first security context 
comprises the step of popping said first security context off of a stack. 

8. The method of claim 1 further comprising the step of determining an access permission in 
response to said second security context, 

9. A computer program product embodied in a tangible storage medium, the program 
product comprising a program of instructions for performing the method steps of: 

generating a first security context in response to a first user authentication; 

generating a second security context in response to a second user authentication^ wherein 
said second security context is an aggregate of said first security context and a security context 
corresponding to an identity in said second user authentication, 

10. The program product of claim 9 ftirther comprising instructions for performing die step of 
saving said first security context 

1 1. The program product of claim 10 therein said step of saving said first security context 
comprises the step of pushing said first security context on a stack. 

12. The program product of claim 9 further comprising instructions for performing the step of 
receiving a user logoff. 
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13 . The program product of claim 12 further comprising instructions for performing the step 
of destroying said second security context in response to said step of receiving said user logoff. 

14. The program product of claim 10 further comprising instructions for performing the step 
of reverting to said first security context in response to a user logoff, wherein said first security 
context is then used to access security protected resources by a user who issued the user logoff » 

15. The program product of claim 14 wherein said step of reverting to said first security 
context comprises the step of popping said first security context off of a stack, 

16. The program product of claim 9 further comprising instructions for performing the step of 
determining an access permission in response to said second security context. 

17. A data processing system comprising: 

circuitry operable for generating a first security context in response to a first user 
authentication; 

circuitry operable for generating a second security context in response to a second user 
authentication, wherein said second security context is an aggregate of said first security context 
and a security context corresponding to an identity in said second user authentication. 

18. TTie system of claim 17 further comprising circuitry operable for saving said first security 
context 
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19. The system of claim 18 wherein said circuitry operable for saving said fust security 
context comprises the step of pushing said first security context on a stack. 

20. The system of claim 17 further comprising circuitry operable for receiving a user logoff. 

21. The system of claim 20 further comprising circuitry operable for desUoying said second 
security context in response to said step of receiving said user logoff. 

22. The system of claim 1 8 further comprising circuitry operable for reverting to said first 
security context in response to a user logoff, wherein said first seoirity context is then used to 
access security protected resources by a user who issued the user logoff. 

23. The system of daim 22 wherein said circuitry operable for reverting to said first seciu"ity 
context comprises circuitry operable for poppmg said first security context off of a stack. 

24. The system of claim 17 further comprising circuitry operable for detemnining an access 
permission in response to said second security context. 
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pyroENCE APPENDIX 
There is no evidence to be preseatccL 



(Appeal Brief Page 17 of 18) 
Rinkcvicb et al. - 09/73 1 ,623 



PAGE 19/20 ' RCVD AT 4/25/2006 11:30:44 AM [Eastern Daylight Timer SVR:USPTO€FXRF-5/14 ' ONlS:27383flO ' mm 385 7766* DURATION (mni-ss):03-56 



Rpr 25 20 06 10:33RM YEE 8, flSSOCI RTES, P,C. 072J 385-7766 p,20 

T^FJ.ATEDPROCEKnTNGS APPENDIX 

There arc no related proceedings. 
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